<?php
//
//	file: includes/aucp/notify_fields.php
//	begin: 2006-07-10
//	$Author: christopher $
//	$Revision: 29 $
//	$Date: 2008-07-19 15:59:35 +0000 (Sat, 19 Jul 2008) $
//	license: http://opensource.org/licenses/gpl-license.php GNU General Public License (GPL)
//
//	description: notify cp fields

if ( !defined('IN_PHPBB') )
{
	die('Hacking attempt');
	exit;
}

class field_pm_users extends field_varchar
{
	function decode($value)
	{
		return $value;
	}

	function encode($value)
	{
		return stripslashes(phpbb_clean_username(addslashes(trim(preg_replace('#\s+#', ' ', $value)))));
	}

	function check()
	{
		global $error, $error_msg;
		global $db, $user;

		if ( $this->data['output'] )
		{
			return;
		}

		parent::check();
		if ( $error )
		{
			return;
		}

		// check empty
		if ( empty($this->value) )
		{
			if ( !$this->data['empty_allowed'] )
			{
				_error($user->lang(empty($this->data['legend']) ? $this->name : $this->data['legend']) . ': ' . $user->lang('empty_error'));
			}
			return;
		}
		// no changes : return
		if ( $this->value == $this->data['value'] )
		{
			return;
		}

		$usernames = explode(',', $this->value);

		// loop through names typed
		foreach($usernames as $username)
		{
			$found = $found_type = false;

			// remove html escape for some checks
			$username = _un_htmlspecialchars(trim($username));

			// Don't allow " and ALT-255 in name
			if ( strstr($username, '"') || strstr($username, '&quot;') || strstr($username, chr(160)) )
			{
				$this->data['sub_values']['e'][$username] = true;
			}

			// check against user names
			$sql = 'SELECT user_id
						FROM ' . USERS_TABLE . '
						WHERE LOWER(username) = \'' . $db->sql_escape_string(strtolower($username)) . '\'' . '
						LIMIT 1';
			$result = $db->sql_query($sql, false, __LINE__, __FILE__);
			$found = ($row = $db->sql_fetchrow($result));
			$found_type = ($found) ? 'u' : '';
			$db->sql_freeresult($result);

			// no username, so check against group names
			if ( !$found )
			{
				$sql = 'SELECT group_id
							FROM ' . GROUPS_TABLE . '
							WHERE LOWER(group_name) = \'' . $db->sql_escape_string(strtolower($username)) . '\'
								AND group_single_user <> 1
							LIMIT 1';
				$result = $db->sql_query($sql, false, __LINE__, __FILE__);
				$found = ($row = $db->sql_fetchrow($result));
				$found_type = ($found) ? 'g' : '';
				$db->sql_freeresult($result);
			}

			// still not found, so add to not found list
			if ( !$found )
			{
				$this->data['sub_values']['n'][$username] = true;
			}

			// add to  found list
			$this->data['sub_values'][$found_type][$username] = $found;
		}

		// send errors for output
		if ( $this->data['sub_values']['e'] && !empty($this->data['sub_values']['e']) )
		{
			_error('Pm_invalid_character');
		}
		if( $this->data['sub_values']['n'] && !empty($this->data['sub_values']['n']) )
		{
			_error('Pm_user_not_found');
		}
	}
}

?>